[Samba] Prevent smbpasswd lan manager field change

Jansen Robert rjansen at vub.ac.be
Mon Apr 12 04:15:59 MDT 2010

Dear all,

We recently upgraded an old samba 3.0.10 to 3.4.6 due to broken quota when
moving from Veritas to NFS mounts from a Cellera EMC.


Our samba passwd backend is a smbpasswd file.
This file is generated from a database.

Recently we see that some PC clients manage to change the LANMAN field in
the smbpasswd file.



get changed to


Users do NOT have access to the smbpasswd binary, so it's via a client
(verified this via a Win 7 client trying the change his Samba passwd)

Can anyone shed some light on why this happens in the 3.4.6 version ?
We actually do not want this to happen as the smbpasswd file is getting
out of sync with our database.

As far as I understand all the smb.conf options with their default setting
should prevent changes in the smbpasswd file.

Here's our smb.conf:

# Global parameters
        server string = ACME Samba
        log level = 01
        log file = /tmp/SAMBA/logs/log.%m
        max log size = 200
        name resolve order = lmhosts host wins bcast
        socket options = TCP_NODELAY SO_KEEPALIVE
        load printers = No
        dns proxy = No
        ldap ssl = no
        create mask = 0600
        directory mask = 0700
        hosts allow = <obfuscated>
        delete readonly = Yes

        passdb backend = smbpasswd

        comment = Home Directories
        read only = No
        map system = Yes
        map hidden = No
        browseable = No
        dos filemode = Yes

        comment = All Printers
        path = /usr/spool/samba
        printable = Yes
        browseable = No

Thanks in advance


Brussels University
Pleinlaan 2
Computer Center VUB/ULB (VUBnet)
Ing. Robert Jansen
B-1050 Brussels
Belgium (Europe)

email: rjansen at vub.ac.be
Tel:  +32-2-650.36.94
Secr: +32-2-650.37.38
Fax:  +32-2-650.37.40

More information about the samba mailing list